Spring Boot:Spring Boot 3 返回“错误凭据”

cld4siwp  于 2023-01-09  发布在  Spring

我试图用 Spring Boot 3 实现简单的基于数据库的登录认证。
这是我的 Web 安全配置类:

package com.test.admin.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

/**
 * Spring Security configuration: BCrypt password hashing, a custom login page at
 * {@code /login}, and DAO-based authentication backed by {@link testUserDetailsService}.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    /**
     * Encoder used to verify submitted passwords against the stored values.
     * Stored passwords must already be BCrypt hashes for a match to succeed.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the filter chain: static assets are public, every other request requires
     * authentication, either through the form at {@code /login} or through HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Static resources are reachable without logging in; everything else is protected.
        http.authorizeHttpRequests(registry -> registry
                .requestMatchers("/webjars/**", "/resources/**", "/css/**", "/images/**").permitAll()
                .anyRequest().authenticated());

        // Only the username parameter is renamed here. The password is still read from
        // the default request parameter "password", so the login form's password input
        // must use name="password" unless passwordParameter(...) is configured as well.
        http.formLogin(login -> login
                .loginPage("/login")
                .usernameParameter("email")
                .permitAll());

        http.authenticationProvider(authenticationProvider());

        // HTTP Basic is accepted alongside the form; it sends the credentials on every
        // request, so it should only be served over TLS.
        http.httpBasic(withDefaults());

        return http.build();
    }

    /** Exposes the custom user lookup service as a bean. */
    @Bean
    public testUserDetailsService testUserDetailsService() {
        return new testUserDetailsService();
    }

    /**
     * Creates the provider that loads users through {@link #testUserDetailsService()} and
     * checks passwords with {@link #passwordEncoder()}. It is not registered as a bean;
     * {@link #filterChain(HttpSecurity)} hands it to the chain directly.
     */
    public DaoAuthenticationProvider authenticationProvider() {
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(testUserDetailsService());
        provider.setPasswordEncoder(passwordEncoder());
        return provider;
    }

    /**
     * Publishes the {@link AuthenticationManager} assembled by Spring's
     * {@link AuthenticationConfiguration}.
     *
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authConfiguration) throws Exception {
        AuthenticationManager manager = authConfiguration.getAuthenticationManager();
        return manager;
    }
}

这是我的自定义 UserDetailsService:

package com.test.admin.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import com.test.admin.user.UserRepository;
import com.test.common.entity.User;

/**
 * {@link UserDetailsService} that resolves a login e-mail to a {@link testUserDetails}
 * by querying {@link UserRepository}.
 */
public class testUserDetailsService implements UserDetailsService {

    // Repository used for the e-mail lookup; injected by Spring.
    @Autowired
    private UserRepository userRepository;

    /**
     * Looks up the account whose e-mail equals the submitted username.
     *
     * @param email the value submitted as the username
     * @return the user wrapped as {@link UserDetails}
     * @throws UsernameNotFoundException if the repository returns no user for the e-mail
     */
    @Override
    public UserDetails loadUserByUsername(String email) throws UsernameNotFoundException {
        final User found = userRepository.getUserByEmail(email);

        // Debug output: prints the looked-up user (or null) to stdout on every login attempt.
        // NOTE(review): move this to a debug-level logger or drop it before production, so
        // account details do not end up in console logs.
        System.out.println(found);

        if (found == null) {
            throw new UsernameNotFoundException("Could not find user with email : " + email);
        }
        return new testUserDetails(found);
    }

}

现在,每次我用正确的用户名和密码登录,都会显示“凭据错误”的消息:

我甚至删除了 JSESSIONID,但仍然无法登录。
我的日志还显示数据库记录已正确获取:

org.hibernate.SQL                        : 
    select
        u1_0.id,
        u1_0.email,
        u1_0.enabled,
        u1_0.firstName,
        u1_0.lastName,
        u1_0.password,
        u1_0.photos 
    from
        users u1_0 
    where
        u1_0.email=?
Hibernate: 
    select
        u1_0.id,
        u1_0.email,
        u1_0.enabled,
        u1_0.firstName,
        u1_0.lastName,
        u1_0.password,
        u1_0.photos 
    from
        users u1_0 
    where
        u1_0.email=?
2023-01-07T13:28:00.353+03:30 DEBUG 43900 --- [0.1-8080-exec-7] org.hibernate.SQL                        : 
    select
        r1_0.user_id,
        r1_1.id,
        r1_1.descriptions,
        r1_1.name 
    from
        users_roles r1_0 
    join
        roles r1_1 
            on r1_1.id=r1_0.role_id 
    where
        r1_0.user_id=?
Hibernate: 
    select
        r1_0.user_id,
        r1_1.id,
        r1_1.descriptions,
        r1_1.name 
    from
        users_roles r1_0 
    join
        roles r1_1 
            on r1_1.id=r1_0.role_id 
    where
        r1_0.user_id=?
User [id=3, email=test@test.com, firstName=test, lastName=test, roles=[Editor, Assistant]]

即使采用了下面这个问题中的做法,仍然没有解决:
Spring Security 6.0 Dao Authentication
并将我的WebSecurityConfig更改为:

/**
 * Variant of the security configuration that builds the {@link AuthenticationManager}
 * by hand from a single {@link DaoAuthenticationProvider} and installs it on the chain.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    /**
     * Encoder used to verify submitted passwords against the stored values.
     * Stored passwords must already be BCrypt hashes for a match to succeed.
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the filter chain: static assets are public, every other request requires
     * authentication, either through the form at {@code /login} or through HTTP Basic.
     *
     * @param http the security builder supplied by Spring
     * @return the configured filter chain
     * @throws Exception if the chain cannot be built
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        // Static resources are reachable without logging in; everything else is protected.
        http.authorizeHttpRequests(registry -> registry
                .requestMatchers("/webjars/**", "/resources/**", "/css/**", "/images/**").permitAll()
                .anyRequest().authenticated());

        // Only the username parameter is renamed here. The password is still read from
        // the default request parameter "password", so the login form's password input
        // must use name="password" unless passwordParameter(...) is configured as well.
        http.formLogin(login -> login
                .loginPage("/login")
                .usernameParameter("email")
                .permitAll());

        http.authenticationManager(authenticationManager());

        // HTTP Basic is accepted alongside the form; it sends the credentials on every
        // request, so it should only be served over TLS.
        http.httpBasic(withDefaults());

        return http.build();
    }

    /**
     * Assembles an {@link AuthenticationManager} around one DAO provider that loads users
     * through {@link #testUserDetailsService()} and checks passwords with
     * {@link #passwordEncoder()}.
     */
    @Bean
    public AuthenticationManager authenticationManager() {
        DaoAuthenticationProvider daoProvider = new DaoAuthenticationProvider();
        daoProvider.setUserDetailsService(testUserDetailsService());
        daoProvider.setPasswordEncoder(passwordEncoder());
        return new ProviderManager(daoProvider);
    }

    /** Exposes the custom user lookup service as a bean. */
    @Bean
    public testUserDetailsService testUserDetailsService() {
        return new testUserDetailsService();
    }

}

同样,像下面这样构建 AuthenticationManager 也没有帮助:

/**
 * Builds the filter chain: static assets are public, every other request requires a
 * form login at {@code /login}, and a successful login is sent to {@code /home}.
 *
 * @param http the security builder supplied by Spring
 * @return the configured filter chain
 * @throws Exception if the chain or the authentication manager cannot be built
 */
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    // Static resources are reachable without logging in; everything else is protected.
    http.authorizeHttpRequests(registry -> registry
            .requestMatchers("/webjars/**", "/resources/**", "/css/**", "/images/**").permitAll()
            .anyRequest().authenticated());

    // Only the username parameter is renamed. The password is still read from the default
    // request parameter "password", so the form's password input must use name="password"
    // unless passwordParameter(...) is configured as well.
    http.formLogin(login -> login
            .loginPage("/login").permitAll()
            .usernameParameter("email")
            .defaultSuccessUrl("/home"));

    // The manager is built from this same HttpSecurity instance and installed on the chain.
    http.authenticationManager(authenticationManager(http));

    return http.build();
}

/**
 * Builds an {@link AuthenticationManager} from the {@link AuthenticationManagerBuilder}
 * shared on {@code http}, wired to the custom user details service and password encoder.
 *
 * @param http the security builder whose shared {@link AuthenticationManagerBuilder} is used
 * @return the built authentication manager
 * @throws Exception if configuring or building the manager fails
 */
@Bean
public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
    AuthenticationManagerBuilder authBuilder = http.getSharedObject(AuthenticationManagerBuilder.class);
    // Registers DAO authentication on the shared builder: user lookup plus password check.
    authBuilder.userDetailsService(testUserDetailsService())
            .passwordEncoder(passwordEncoder());
    return authBuilder.build();
}

不过,如果我删除配置自定义登录页的这一行:

.formLogin((form) -> form.loginPage("/login").usernameParameter("email").permitAll())

改用 Spring 的默认登录页,登录就能正常工作,但我想使用自己的登录路由。


k7fdbhmy1#

花了 24 小时排查各种方法之后,才发现这完全是我自己的错误:

<!-- Password field of the login form. Spring Security's form login reads the password
     from the request parameter "password" by default; this input submits "_password"
     instead, so the filter never sees the typed password and every login is rejected
     as bad credentials. Use name="password", or configure
     passwordParameter("_password") on formLogin to match this field. -->
<div class="mb-3">
                <label for="_password" class="form-label">Password</label>
                <input type="password"
                    class="form-control bg-info bg-opacity-10 border border-primary"
                    name="_password" id="_password">
            </div>

密码字段的 name 和 id 与默认值不一致。Spring Security 的表单登录默认从名为 password 的请求参数读取密码,而这个表单提交的是 _password,所以过滤器读不到密码,认证必然失败。
